BLOG | The future of verification – an Onfido roundtable

The security, protection and verification of identities and their data is a big concern for business. While fraud-related issues are keeping companies on their toes, end users are increasingly concerned about who holds their data – and how they use it. And with the implementation of the General Data Protection Regulation (GDPR) in May, it’s only going to get more complex. Data’s increasingly becoming a fundamental concern, as businesses try to meet global data privacy requirements without compromising on the end user’s experience.

As a provider of world-leading verification technology, we’re at the forefront of these debates. That’s why we recently gathered industry leaders together to discuss these challenges and how we can best address them.

It was great to engage with you all, and to hear your insights, feedback and queries about the future of verification. Here’s what we took away from the session…

Regulation and the right to be forgotten

GDPR will soon be upon us, and while it’s good news for individuals, who’ll have greater control over their personal data, the new regulation will bring big challenges for business. Working out what information companies can hold, maintaining a good end-user experience and protecting the end user’s right to have their data deleted are all high on the list of concerns.

We discussed the right to be forgotten. At Onfido, we’re building the tools for our clients to manage their data relationship with Onfido. This includes the ability to delete individual and bulk end user data from our systems through the Onfido Dashboard, as well as an API call.

We are also seeking to bring enhanced transparency to the identity verification industry. A core part of our tech is the machine learning models we use to locate and extract information in government IDs, detect signs of fraudulent activity, and to perform facial verification. When we identify a fraudulent government ID, we add it to our database so that if it comes through our system again in the future, we’ll be able to recognise it and help reduce fraud. You can read more about this data usage in our new privacy policy.

Our aim is to be as transparent as possible, so end users and clients are empowered to make informed decisions about their data.

The future is facial

We’ve long been proponents of using facial biometrics instead of other methods, like fingerprint or social media verification.

Some banks have started using social media verification, though it’s a method that’s “complicated” – as one participant described it. At the moment, social media signals just aren’t strong enough to satisfy industry regulators. This method also means excluding people who don’t use social media, making it self-defeating as a means of identity verification.

Instead, we’ve seen an industry-wide move towards solutions based on facial recognition. We expect facial recognition to become the standard in the next few years – so that if you’re at home verifying your identity, you’ll be able to match your face to your government ID in real time.

Collaboration is key

One of you asked whether a decentralised blockchain solution is the key to unlocking the identity conundrum. We see blockchain as a delivery vehicle which allows for greater security and privacy than centralised models. One option might be an industry-wide consortium, whereby an end user could verify their identity on one service, and use it to gain access to several others. It’s difficult for businesses to adapt their security measures, but collaborating and sharing resource could help accelerate change.

Reducing fraud and ensuring the integrity of our clients’ platforms means striking a careful balance between the need to preserve end users’ fundamental rights to the protection of their personal data and privacy. But it’s a balance we think we can achieve. Working together, we believe we can create a compliant and secure environment that suits everyone, and we’re passionate about making it happen.